Systems for authenticating the identity of an individual are now becoming widely deployed. Such systems may be used to enhance security at a border crossing, to identify individuals in a citizen ID scheme, to allow physical access to a building, to provide logical access to networks and computer applications, to prove identity during retail transactions, amongst many other possible applications.
Known techniques used within such authentication systems for validating the identity of an individual include the use of passwords, tokens, biometrics, or any combination of these. Within a biometric-based system, biometric samples are captured from an individual and enrolled, or stored, within the system for use in later authentications. Examples include fingerprint, iris, or face images, or a recorded sample of a voice.
Features may be extracted from the image to generate biometric templates. These are usually a smaller, compact representation of the biometric features present in the image. Typically, the templates are used in the day-to-day operations of the system to authenticate individuals, whereas the original biometric data or images are stored or archived. There are many valid reasons for storing this data. Some examples include:
- Re-generating templates from the data if the original templates are no longer available, such as in a system where templates are stored on a portable card and the card is misplaced or stolen
- Generating templates using an enhanced version of the algorithm
- Allowing algorithm migration by generating new templates using different algorithms, without having to re-enroll the user
- Processing the data within biometric experiments including algorithm and sensor benchmarking
- Using the data as part of a forensic examination
Ensuring the security and privacy of stored personal data in today's electronic environment is important. Attempts to gain access to such personal data, such as that against ChoicePoint™, are becoming more and more common. With biometric data, and biometric images in particular, these security issues are of paramount importance. The biometric data must be protected, not only to ensure the security of the authentication scheme, but also to maintain the privacy and rights of its users. If an attacker were able to obtain a biometric image and the identity of the person to whom that image belonged, that person would have no privacy left. Therefore, in the storage of biometric images it is important to note that the biometric in itself provides no indication as to who provided it; it is the association of that image with an identifier for that person, that is, the couplet or pair, that provides the real threat.
As such, even if an attacker is able to gain access, in an unauthorized manner, to the stored biometric images, it should be impossible for that attacker to determine from which individual the biometric data was acquired. The logical link between a user's personal data and the biometric images needs to be protected. Current state-of-the-art biometric storage systems do not provide this capability, as they typically store the user identifier along with the corresponding biometric image in the same database, often using the identifier to index the image for later retrieval.
There is therefore a need to provide a method and system for protecting the privacy of stored biometric data, and in particular ensuring that the link between the biometric data and the user from whom those images were acquired is strongly safeguarded.